Friday, 10 October 2014

 
 Hack a Website? SQL Injection? Very simple, by Konduru Jashwanth
 
Are you looking for some useful tips to improve the security of your web projects? In this post I suggest some interesting points on the topic.
Hacking is a very interesting topic, and studying it can improve your programming skills.
SQL Injection
SQL injection looks like this:
 
 
Login Java Code

String userid = request.getParameter("userid");
String password = request.getParameter("password");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection connection = DriverManager.getConnection("jdbc:odbc:projectDB");
// Vulnerable: user input is concatenated straight into the SQL text
String query = "SELECT * FROM Users WHERE user_id ='" + userid + "' AND password ='" + password + "'";
// prepareStatement() gives no protection here because the query has no ? placeholders
PreparedStatement ps = connection.prepareStatement(query);
ResultSet users = ps.executeQuery();
if (users.next()) {
    // some thing here
}
else {
}

Injection works like this

query = "SELECT * FROM Users WHERE user_id ='' OR 1=1; /* AND password ='*/--'";
Login PHP Code
Username = ' OR 1=1;//
Password = ….
// Note: the mysql_* functions used here were removed in PHP 7.0
$myusername=$_POST['usr'];
$mypassword=$_POST['pwd'];
// Vulnerable: user input is interpolated straight into the SQL text
$sql="SELECT * FROM users WHERE user='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
    //some code
}
else {
}

Injection works like this

$sql="SELECT * FROM users WHERE user='' OR 1 = 1;//' and password='….'";
How to avoid these mistakes: use the addSlashes() function, which adds slashes (/) to the string, in Java and PHP.
// Java Code
userid = addSlashes(userid); // addSlashes() is not a JDK method; it is a helper you write yourself
// PHP Code
$myusername = addslashes($_POST['usr']);
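As an added example (not the author's code), here is the page's PHP login query run against an in-memory SQLite database, first built by concatenation and then with PDO bound parameters, which keep the input out of the SQL text instead of relying on escaping. The PDO/SQLite setup, the sample rows and the function names are assumptions made for the demo; the same placeholder approach applies to Java's PreparedStatement with ? markers.

```php
<?php
// Added example. Table/column names follow the page's PHP snippet; the rows,
// the in-memory SQLite database and the function names are constructed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'pw-alice'), ('bob', 'pw-bob')");

// Vulnerable: the same string concatenation as the page's login code.
function rows_concat(PDO $db, string $user, string $pass): int
{
    $sql = "SELECT * FROM users WHERE user='$user' and password='$pass'";
    return count($db->query($sql)->fetchAll());
}

// Hardened: the SQL text is constant and the values are bound separately,
// so quotes or comment markers in the input stay data and never become SQL.
function rows_bound(PDO $db, string $user, string $pass): int
{
    $stmt = $db->prepare(
        "SELECT * FROM users WHERE user = :user AND password = :pass"
    );
    $stmt->execute([':user' => $user, ':pass' => $pass]);
    return count($stmt->fetchAll());
}

// Constructed inputs: a valid login, a wrong password, the tautology input
// from the page (with an SQLite-style comment), and a name with a quote.
$cases = [
    'valid login'     => ['alice', 'pw-alice'],
    'wrong password'  => ['alice', 'nope'],
    'tautology input' => ["' OR 1=1 --", 'anything'],
    'quote in name'   => ["o'brien", 'anything'],
];

foreach ($cases as $label => [$user, $pass]) {
    try {
        $concat = rows_concat($db, $user, $pass);
    } catch (PDOException $e) {
        $concat = 'SQL error';  // the stray quote broke the statement
    }
    printf("%-16s concat=%-9s bound=%d\n", $label, $concat, rows_bound($db, $user, $pass));
}
```

The password column holds plain text only to mirror the page's schema.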
Hackers are more intelligent than programmers, so always hide the file extension (e.g. *.jsp, *.php, *.asp).
http://xyz.com/login.php to http://xyz.com/login
http://xyz.com/login to http://xyz.com/signin.do
In Java, redirect these URLs using the web.xml file; in PHP, write a .htaccess file in the root directory.


Any queries? Comment or ping me.

Email: kondurujashwanth@instructor.net
16 comments:

  1. Thank you.....@admin

  2. Thank you so much for giving such details.
    It is a nice post that contains the details of SQL commands.
    Good post. Great job.

  3. Good stuff man.. I'm about to learn something new. :D

    Regards,
    EJ

  5. I admit, I have not been on this web page in a long time... however, it was another joy to see. It is such an important topic and ignored by so many, even professionals. I thank you for helping to make people more aware of possible issues.

  6. Very interesting blog. This will help a lot of users to update their knowledge. Thanks for sharing.

  8. Great post, and great website. Thanks for the information!

  9. Can you please the Login Java Code did not get these points otherwise it's appreciated.

  12. Cool yaar amazing. thanks for sharing.





    Ankush Mohanty is a Security Researcher and Analyst with experience in various aspects of Information Security. Other than this, he is a Certified Ethical Hacker. All his efforts are to make the internet more secure.


    MyFreeCopyright.com Registered & Protected